IT Security News Daily Summary 2023-07-25

• SiegedSec Hacktivist Claims to Strike NATO and Leak Sensitive Docs

• Apple patches exploited bugs in iPhones plus other holes

• Who and What is Behind the Malware Proxy Service SocksEscort?

• Decoy Dog Gets an Upgrade With New Persistence Features

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey

• Why Computer Security Advice Is More Confusing Than It Should Be

• ChatGPT Has a Plug-In Problem

• What is Incident Response? Ultimate Guide + Templates

• Zero-Day Vulnerabilities Discovered in Global Emergency Services Communications Protocol

• FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users

• Thoma Bravo sells Imperva to Thales Group for $3.6B

• VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment

• Explainability of Machine Learning Models: Increasing Trust and Understanding in AI Systems

• Stay Vigilant: Google Docs Phishing Scams Spreading Rapidly

• Human Error: A Helping Hand for Cyber Criminals

• Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity

• Ivanti EPMM zero-day vulnerability exploited in wild

• Lazarus APT Group Targets Windows IIS Web Servers to Distribute Malware

• Get 8 Months of Live Cyber Security Training for Under $500

• Ivanti Zero-Day Exploit Disrupts Norway’s Government Services

• ChatGPT Has a Plugin Problem

• How to build stronger security teams

• Cryptojacking: Understanding and defending against cloud compute resource abuse

• Database APIs: Benefits, Limitations, and When You Should Switch to Datasets

• 4 ways to avoid clicking malicious links that everyone online should know

• Maritime Cyberattack Database Launched by Dutch University

• Decoy Dog Malware Upgraded to Include New Features

• Essential Metrics to Boost Support for Your Cybersecurity Learning Program – Part 1

• Cybercrime as a Public Health Crisis

• Ransomware business model-What is it and how to break it?

• How to Leverage AWS Performance Efficiency Pillar

• TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

• Actively Exploited Apple Zero-Day Affects iPhone Kernel

• Groundbreaking Integration: Stellar Cyber Safeguards OT Environments Alongside IT

• North Korean Cyber Group Suspected in JumpCloud Breach

• Google limits internet access to employees to save them from Cyber Attacks

• Critical Flaws Found in Microsoft Message Queuing Service

• ZEDEDA improves application performance and security with Edge Application Services

• NETSCOUT introduces next generation Omnis Cyber Intelligence solution

• Zenbleed – AMD’s Zen2 Processor Flaw Allows Attackers to Steal Sensitive Data

• North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

• Open Source Software Supply Chain Attacks Spotted Targeting the Banking Sector

• Yoga Trainer Defrauded of Rs.94,998 in a Paytm Fraud

• 5 steps to approach BYOD compliance policies

• Panorays unveils cybersecurity enhancements for supply chains

• Lookout releases new endpoint agents to replace virtual private networks

• Dig Data Security Platform enhancements secure LLM architectures

• How Generative AI Affects Mobile Security

• Beyond ChatGPT: Organizations Must Protect Themselves Against the Power of AI

• AMD Zenbleed Chip Bug Leaks Secrets Fast And Easy

• Apple Patches Another Kernel Flaw Exploited In Operation Triangulation

• China-Backed Hackers Suspected In NetScaler RCE Attacks

• Ivanti Zero-Day Vuln Exploited In Attack On Norwegian Government

• Critical Vulnerabilities in AMI MegaRAC BMC Software

• Canadian Cybersecurity Head Warns of Surging AI-Powered Hacking and Disinformation

• Vulnerability Summary for the Week of July 17, 2023

• Combining EPP and EDR tools can boost your endpoint security

• Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion

• Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique

• AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information

• UK Government Report Finds Cybersecurity Skills Gap Stagnant

• Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

• OpenText Cloud Editions 23.3 helps customers interconnect and exchange insights across clouds

• How Memcyco Battles Brandjacking with a Multi-Layered Defense

• Hackers Use SMS Alerts to Install SpyNote Malware

• Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

• How MDR Helps Solve the Cybersecurity Talent Gap

• TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System

• macOS Under Attack: Examining the Growing Threat and User Perspectives

• Ivanti rushes to patch zero-day used to breach Norway’s government

• Patch Tuesday July 2023 – Microsoft Publishes Bug Fixes for 142 Vulnerabilities [UPDATED]

• What Is Mobile Device Management? Role in Endpoint Security and Benefits

• Energy-Saving Heroes: Eco-Friendly Home Appliances for a Sustainable Future

• Traversing the Investment Landscape: The Vital Role of Venture Capitalists

• Critical Flaws Exposed Microsoft Message Queuing Service to DoS Attacks

• ‘SIM Swapper’ Pleads Guilty For Hacking Instagram User Accounts

• An Interview with Sarah Armstrong-Smith

• Critical Flaws Exposed Microsoft Message Queuing Service to DoS Attack

• How to Create a Custom Security & Threat Dashboard in Power BI

• ChatGPT Plugins Pose Security Risks

• Thales enters app security market with $3.6B Imperva acquisition

• Protect Your Data Like Your Reputation Depends On It (Because it Does)

• Silicon Insights: The State of MarTech: Part 2

• ‘SIM Swapper’ Pleads Guilty to Hacking into Instagram Users

• Sysdig Sage brings power of generative AI to cloud security with an LLM controller approach

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt’s Ministry of Health

• TETRA Communication Systems Vulnerabilities Expose Critical Infrastructure

• Worldcoin Holds Official Launch Amidst Crypto Crackdown

• 15 More Vulnerabilities Added to 2023 CWE Top 25 Most Dangerous Software

• Operation Geometrix Do Brasil

• Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government

• Deciphering the IBM Cost of a Data Breach Report: A Statistical Perspective for Business Leaders

• Decoding the PlainID Zero Trust Survey: Key Insights for Business Leaders

• Thales acquires Imperva for $3.6 billion

• Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)

• SoftBank In Deal With Symbiotic For AI-Powered Warehouses

• EU ‘Set For In-Depth Probe’ Of $20bn Adobe-Figma Buy

• Aussie Government Exposed Personal Info Via Security Report

• EU Agrees on Common Position for Cyber Resilience Act to Enhance Security of Digital Products

• How to Develop a Telemedicine Software in 2023

• ATT&CKing the Center for Internet Security

• CISO to BISO – What’s your next role?

• Ivanti Patches Zero-Day Bug Used in Norway Attacks

• Is the UK about to steal a lead in the AI race?

• Google Ordered To Pay $338.7m Over Chromecast Patents

• Tesla ‘Meeting With Indian Govt’ Over Car Plant

• Data Breach Costs Hit Record High but Fall For Some

• Network Encryption Keeps Our Data in Motion Secure for Business Services

• Need to improve the detection capabilities in your security products?

• China Looks To AI-Generated Hosts For Livestream Sales

• Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

• BookCrossing – 1,582,323 breached accounts

• Twelve Norwegian ministries were hacked using a zero-day vulnerability

• Converging networking and security with SASE

• Inspiring secure coding: Strategies to encourage developers’ continuous improvement

• Akira and BlackByte ransomware group claim attack on Yamaha Music Canada

• Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

• Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

• Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

• RaaS proliferation: 14 new ransomware groups target organizations worldwide

• Companies are rushing into generative AI without a cohesive, secure strategy

• Safeguarding the IoT Landscape With Data Masking Techniques

• Yes! OpenTelemetry Is a Critical Part of Securing Your Systems

• The Next Step: VHD Files and Metadata

• A week in security (July 17 – 23)

• Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks

• Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

• Tigo – 700,394 breached accounts

• From Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure

• TETRA radio comms used by emergency heroes easily cracked, say experts

• The U.S. Is Falling Behind on Encryption Standards – And That’s a Global Problem

• OpenAI, Google and More Agree to White House List of Eight AI Safety Assurances

• CISOs Connect Launches the 2023 CISO Choice Awards

• Global Security Assurance Market to Reach $13B by 2030

• Managing Human Risk: Discoveries From SANS 2023 Security Awareness Report

• Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites

• TARA Partners With Plante Moran to Deliver Risk-Based Vulnerability Management

• OneTrust Secures $150M Investment Led by Generation Investment Management

• The NDAA is No Place for Sweeping Internet Legislation Like the STOP CSAM Act

• IT Security News Daily Summary 2023-07-24

• How to Easily Block IP Addresses From Accessing a Desktop or Server

• China Propaganda Spreads via US News Sites, Freelancers, Times Square

• Experts Warn About New “Malicious Tagging” Facebook Scam

• AMD Zenbleed chip bug leaks secrets fast and easy

• Coveware: Rate of victims paying ransom continues to plummet

• Are AI-Engineered Threats FUD or Reality?

• Orgs Face Record $4.5M Per Data Breach Incident

• Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab

• How To Merge And Use AI In Cybersecurity To Prevent Cyber Attacks

• Hardware-bound passkeys are still ultimate in security: Yubico VP

• Mandiant: JumpCloud breach led to supply chain attack

• Atlassian RCE Bugs Plague Confluence, Bamboo

• Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats

• New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

• Norway Probes Major Cyberattack on 12 Government Ministries

• Hacking police radios: 30-year-old crypto flaws in the spotlight

• KillNet’s Kremlin Connection Unclear as the Cybercrime Collective Grows

• Digital Rights Updates with EFFector 35.9

• Want to Alleviate CISO Burnout? Tear Down the Security Tower of Babel

• Singapore looks for generative AI use cases with sandbox options

• Artificial Intelligence Governance Professional Certification – AIGP

• Stories from the SOC: OneNote MalSpam – Detection & response

• Roblox Developers Conference Attendees’ Data Breached

• Tips To Keep Track of Code and Infrastructure Security Risks

• The top 10 technologies defining the future of cybersecurity

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients

• North Korean Cyberspies Target GitHub Developers

• Spyhide stalkerware is spying on tens of thousands of phones

• Twitter Scraps Iconic Blue Bird, Officially Rebrands As ‘X’

• IBM FlashSystem 5045 aids access to storage cyber resilience

• Biden-Harris Administration Secures AI Commitments For Safety

• Has the MOVEit hack paid off for Cl0p?

• OneTrust raises $150 million to accelerate platform innovation

• Stolen Microsoft Key: The Impact Is Higher Than Expected

• A critical cybersecurity backup plan that too many companies are ignoring

• How to make sure the reputation of your products and company is good

• DdoS attack on 12 Norway government websites

• OneTrust Raises $150 Million at $4.5 Billion Valuation

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say

• Beyond Security: The Comprehensive Approach to Tackling Cyberattacks

• Movie Scam: Fraudsters Take Advantage of the Popularity of Barbie and Oppenheimer

• Storm-0558 Breach: Microsoft Breach Risks Millions of Azure AD Apps

• How to use Discord’s ‘Family Center’ to help protect your child

• Cyber-Attack Strikes Norwegian Government Ministries

• Is Your Peloton Attracting Security Threats?

• Hackers exploit Citrix zero-day to target US critical infrastructure

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution

• DC Circuit FOSTA Ruling Lets a Bad Law Stay on the Books, But Offers Meaningful Protection for Some Sex Work Forums and Sex Workers Using Online Services

• Court Rejects Efforts to Identify Anoymous Webhost

• Automation Technologies That Improve Agricultural Returns

• 12 Norway Government Ministries were Targeted in a Cyberattack

• Is It Okay To Stop Running Your Tests After the First Failure?

• Over 20,000 Citrix Appliances Vulnerable to New Exploit

• Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges

• MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows

• Cybersecurity Public-Private Partnership: Where Do We Go Next?

• Designing a Security Strategy for Defending Multicloud Architectures

• The Best Personal Safety Devices, Apps, and Wearables (2023)

• D2iQ DKP AI Navigator simplifies Kubernetes management

• US companies commit to safe, transparent AI development

• Warcraft Fans Trick AI with Glorbo Hoax

• GitHub Issues Alert on Lazarus Group’s Social Engineering Attack on Developers

• DangerousPassword Campaign Targets Desktops With Python, Node.js Malware

• Flipper Zero gets an app store

• How to Protect Patients and Their Privacy in Your SaaS Apps

• Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

• WebBoss.io CMS Concerns: A Tale Of Neglect And Unresponsiveness

• Los Angeles SIM Swapper Pleads Guilty To Cybercrime Charges

• MOVEit Hack Could Earn Cybercriminals $100 Million

• Researchers Find Backdoor In Encrypted Police And Military Radios

• Critical Zyxel Firewall Injection Flaw Exploited to Conduct DDoS Attacks

• The New Summer Vacation Necessity: Cyber Hygiene

• Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies

• Perimeter81 Vulnerability Disclosed After Botched Disclosure Process

• Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo

• Average cost of a data breach reaches $4.45 million in 2023

• From Lullabies to Apps: Tracing the Impact of Technology on Infant Care Over the Past 30 Years

• Actionable Threat Intel (IV) – YARA beyond files: extending rules to network IoCs

• Novel Open Source Supply Chain Attacks Target Banking Sector

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

• Cisco Disclosed Vulnerabilities In SPA500 Series IP Phones – Won’t Fix

• Adobe Patched Critical ColdFusion Zero-Day Flaw Under Attack

• WhatsApp Quietly Mitigates Remote Account Deactivation Threat Hours After The Report

• Amazon Builds $120m Florida Facility For Internet Satellites

• The Silicon UK In Focus Podcast is 100!

• TETRA Radio Code Encryption Has a Flaw: A Backdoor

• Experts warn of OSS supply chain attacks against the banking sector

• Toyota Looks To Use Lunar Water To Power Manned Moon Vehicle

• CMA Publishes Microsoft Arguments As It Denies Bowing To Pressure

• A new hope for software security

• Booz Allen Pays $377m to Settle Government Fraud Case

• How-To: NIS2 EU Directive

• Micron Chief ‘Meets With Chinese Government’ Amidst Sanctions

• What is SWIFT? 8 Things You Need to Know

• DSPM and CSPM: What are the Differences?

• Thousands of Citrix Servers Exposed to Zero-Day Bug

• Gamers Trick AI-Generated News Site Into Posting Fake Article

• Start-Up Eve To Build ‘Flying Taxis’ In Brazil

• ASML Boosts Revenue Outlook On China Demand

• Clop Could Make $100m from MOVEit Campaign

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks

• Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

• Software developers, how secure is your software?

• Hacked Microsoft Keys Let Attackers Access a Wide Range of Azure Applications

• How to Put the Sec in DevSecOps

• What C-Suite Leaders Need to Know About XDR

• North Korean Hacker Group Breached US IT Firm JumpCloud

• Bridging the cybersecurity skills gap through cyber range training

• Ransomware news trending on Google

• Topics to study for job in Artificial Intelligence

• What’s new in the 2023 Cost of a Data Breach report

• Part 1: Historic To 2022 – The APT And Logical Threats

• The Email Threat Landscape, Q1 2023: Key Takeaways

• Consumers demand more from businesses when it comes to security

• Shaping the future of digital identity

• Strengthening the weakest links in the digital supply chain

• Google half-patches Cloud Build permissions exploit, the rest is on you

• IBM Report: Average Cost of a Data Breach Rises to $4.45 Million

• Failing to embrace AI is the real ‘threat’ to the US in the global AI race: Investor

• E-commerce Cybersecurity: How to Protect Customer Data and Online Transactions

Generated on 2023-07-25 23:55:25.520872